root = RootCert('root') root.create_signed_cert('client') # Mock out a graphite server m = socket.socket(socket.AF_INET, socket.SOCK_STREAM) m.settimeout(10) m.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) m.bind((LOCALHOST, 13099)) m.listen(1) # start ghostunnel ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--metrics-interval=1s', '--cacert=root.crt', '--metrics-graphite=localhost:13099']) # wait for metrics to be sent conn, addr = m.accept() for line in conn.makefile().readlines(): if len(line.partition(' ')) != 3: raise Exception('invalid metric: ' + line) print_ok("OK") finally: terminate(ghostunnel)
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('client') # start ghostunnel with bad proxy ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12', '--connect-proxy=ftp://invalid', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # wait for ghostunnel to exit and make sure error code is not zero ret = ghostunnel.wait(timeout=20) if ret == 0: raise Exception( 'ghostunnel terminated with zero, though flags were invalid') else: print_ok("OK (terminated)") # start ghostunnel with bad client listen addr ghostunnel = run_ghostunnel(['client', '--listen=invalid',
# create certs root = RootCert('root') root.create_signed_cert('server1') root.create_signed_cert('client') root.create_signed_cert( 'server2', san="IP:127.0.0.1,IP:::1,DNS:foobar") other_root = RootCert('other_root') other_root.create_signed_cert('other_server') # start ghostunnel ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target=localhost:13002', '--keystore=client.p12', '--cacert=root.crt', '--timed-reload=1s', '--override-server-name=foobar', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # connect to server1, confirm that the tunnel is up pair = SocketPair(TcpClient(13001), TlsServer( 'server2', 'root', 13002)) pair.validate_can_send_from_client( "hello world", "1: client -> server") pair.validate_can_send_from_server( "hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed")
from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixServer, TlsClient, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel server = UnixServer() ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target=unix:{0}'.format(server.get_socket_path()), '--keystore=server.p12', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--cacert=root.crt', '--allow-ou=client' ]) # connect with client, confirm that the tunnel is up pair = SocketPair(TlsClient('client', 'root', 13001), server) pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_closing_server_closes_client( "1: server closed -> client closed") print_ok("OK") finally:
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad flags ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--connect-proxy=ftp://invalid', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # wait for ghostunnel to exit and make sure error code is not zero ret = ghostunnel.wait(timeout=20) if ret == 0: raise Exception( 'ghostunnel terminated with zero, though flags were invalid') else: print_ok("OK (terminated)") finally: terminate(ghostunnel)
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad access flags ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) # wait for ghostunnel to exit and make sure error code is not zero ret = ghostunnel.wait(timeout=20) if ret == 0: raise Exception( 'ghostunnel terminated with zero, though flags were invalid') else: print_ok("OK (terminated)") # start ghostunnel with bad listen addr ghostunnel = run_ghostunnel([ 'server', '--listen=invalid', '--target={0}:13002'.format(LOCALHOST), '--allow-all',
if __name__ == "__main__": ghostunnel = None try: # Only run PKCS11 tests if requested if 'GHOSTUNNEL_TEST_PKCS11' not in os.environ: sys.exit(0) # start ghostunnel # hack: point target to STATUS_PORT so that /_status doesn't 503. ghostunnel = run_ghostunnel(['server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--keystore=../test-keys/server-cert.pem', '--pkcs11-module={0}'.format(os.environ['GHOSTUNNEL_TEST_PKCS11_MODULE']), '--pkcs11-token-label={0}'.format(os.environ['GHOSTUNNEL_TEST_PKCS11_LABEL']), '--pkcs11-pin={0}'.format(os.environ['GHOSTUNNEL_TEST_PKCS11_PIN']), '--cacert=../test-keys/cacert.pem', '--allow-ou=client', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) def urlopen(path): return urllib.request.urlopen(path, cafile='../test-keys/cacert.pem') # block until ghostunnel is up TcpClient(STATUS_PORT).connect(3) status = json.loads(str(urlopen( "https://{0}:{1}/_status".format(LOCALHOST, STATUS_PORT)).read(), 'utf-8')) metrics = json.loads(str(urlopen( "https://{0}:{1}/_metrics".format(LOCALHOST, STATUS_PORT)).read(), 'utf-8'))
if __name__ == '__main__': ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel # hack: point target to STATUS_PORT so that /_status doesn't 503. ghostunnel = run_ghostunnel(['server', '--quiet=all', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--allow-ou=client', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) def urlopen(path): return urllib.request.urlopen(path, cafile='root.crt') # block until ghostunnel is up TcpClient(STATUS_PORT).connect(20) # send some requests to status endpoints metrics = json.loads(str(urlopen( 'https://{0}:{1}/_metrics'.format(LOCALHOST, STATUS_PORT)).read(), 'utf-8'))
from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad flags ghostunnel = run_ghostunnel(['server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--disable-authentication', '--allow-cn=test.example.com', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # wait for ghostunnel to exit and make sure error code is not zero ret = ghostunnel.wait(timeout=20) if ret == 0: raise Exception( 'ghostunnel terminated with zero, though flags were invalid') else: print_ok("OK (terminated)") finally: terminate(ghostunnel)
Spins up a client and tests systemd socket activation. """ from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpClient, TlsServer, print_ok, run_ghostunnel, terminate from distutils.spawn import find_executable import sys if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('client') # start ghostunnel ghostunnel = run_ghostunnel([ 'client', '--listen=launchd:client', '--target={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--keystore=client.p12', '--status=systemd:status', '--cacert=root.crt' ]) ghostunnel.wait(timeout=10) if ghostunnel.returncode == 0: raise Exception('Should fail on invalid socket') print_ok("OK") finally: terminate(ghostunnel)
if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel tempdir = mkdtemp() path = os.path.join(tempdir, 'ghostunnel-status-socket') ghostunnel = run_ghostunnel(['server', '--listen={0}:13001'.format(LOCALHOST), '--target=unix:{0}'.format(path), '--keystore=server.p12', '--cacert=root.crt', '--allow-ou=client', '--status=unix:{0}'.format(path)]) # wait for startup for i in range(0, 10): if os.path.exists(path): break time.sleep(1) # read status information conn = UnixHTTPConnection(path) conn.connect() conn.request('GET', '/_status')
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate, assert_not_zero if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad flags ghostunnel1 = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--disable-authentication', '--cacert=root.crt' ]) assert_not_zero(ghostunnel1) ghostunnel2 = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--cert=server.crt', '--key=server.key', '--disable-authentication', '--cacert=root.crt' ]) assert_not_zero(ghostunnel2) ghostunnel3 = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--key=server.crt', '--cacert=root.crt' ])
if __name__ == "__main__": ghostunnel = None try: # create certs root1 = RootCert('root1') root1.create_signed_cert('server1') root1.create_signed_cert('client1') root1.create_signed_cert('new_client1') root2 = RootCert('new_root') root2.create_signed_cert('server2') # start ghostunnel ghostunnel = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=client1.p12', '--timed-reload=1s', '--cacert=root1.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) # ensure ghostunnel connects with server1 pair1 = SocketPair(TcpClient(13001), TlsServer('server1', 'root1', 13002)) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...") # check certificate on status port TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1') print_ok("got client1 on /_status") # replace keystore and check ghostunnel connects with new_client1 print_ok("replacing certificates")
import time import os if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel ghostunnel = run_ghostunnel(['server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--allow-ou=client', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # wait for startup TlsClient(None, 'root', STATUS_PORT).connect(20, 'server') # create connections with client pair1 = SocketPair( TlsClient('client', 'root', 13001), TcpServer(13002)) pair1.validate_can_send_from_client("toto", "pair1 works") # shut down ghostunnel with connection open, make sure it doesn't hang print_ok('attempting to terminate ghostunnel via SIGTERM signals') for n in range(0, 90):
# create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') httpd = http.server.HTTPServer( (LOCALHOST, 13080), FakeConnectProxyHandler) server = threading.Thread(target=httpd.handle_request) server.start() # start ghostunnel ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12', '--cacert=root.crt', '--connect-proxy=http://{0}:13080'.format(LOCALHOST), '--connect-timeout=30s', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # connect to server, confirm that the tunnel is up pair = SocketPair(TcpClient(13001), TlsServer('server', 'root', 13002)) pair.validate_can_send_from_client( 'hello world', '1: client -> server') pair.validate_can_send_from_server( 'hello world', '1: server -> client') pair.validate_closing_client_closes_server('closing client') pair.cleanup() print_ok("OK")
# create certs root = RootCert('root') root.create_signed_cert('server') httpd = http.server.HTTPServer( ('localhost', 13080), FakeMetricsBridgeHandler) server = threading.Thread(target=httpd.handle_request) server.start() # start ghostunnel ghostunnel = run_ghostunnel(['server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--allow-ou=client', '--enable-pprof', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--metrics-interval=1s', '--metrics-url=http://localhost:13080/post']) # wait for metrics to post for i in range(0, 10): if received_metrics: break else: # wait a little longer... time.sleep(1) if not received_metrics:
try: # create certs root = RootCert('root') root.create_signed_cert('server1') root.create_signed_cert('client') root.create_signed_cert('server2', san="IP:127.0.0.1,IP:::1,DNS:foobar") other_root = RootCert('other_root') other_root.create_signed_cert('other_server') # start ghostunnel ghostunnel = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target=localhost:13002', '--keystore=client.p12', '--cacert=root.crt', '--timed-reload=1s', '--override-server-name=foobar', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) # connect to server1, confirm that the tunnel is up pair = SocketPair(TcpClient(13001), TlsServer('server2', 'root', 13002)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect to other_server, confirm that the tunnel isn't up
from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixClient, TlsServer, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel client = UnixClient() ghostunnel = run_ghostunnel(['client', '--listen=unix:{0}'.format(client.get_socket_path()), '--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--cacert=root.crt']) # connect to server, confirm that the tunnel is up pair = SocketPair(client, TlsServer('server', 'root', 13002)) pair.validate_can_send_from_client( "hello world", "1: client -> server") pair.validate_can_send_from_server( "hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") print_ok("OK") finally:
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad access flags ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) # wait for ghostunnel to exit and make sure error code is not zero ret = ghostunnel.wait(timeout=20) if ret == 0: raise Exception( 'ghostunnel terminated with zero, though flags were invalid') else: print_ok("OK (terminated)") # start ghostunnel with bad listen addr ghostunnel = run_ghostunnel([ 'server', '--listen=invalid', '--target={0}:13002'.format(LOCALHOST), '--allow-all',
root.create_signed_cert('client') root.create_signed_cert( 'server1', san='DNS:server1,IP:127.0.0.1,IP:::1,DNS:localhost') root.create_signed_cert( 'server2', san='DNS:server2,IP:127.0.0.1,IP:::1,DNS:localhost') other_root = RootCert('other_root') other_root.create_signed_cert('other_server') # start ghostunnel ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target=localhost:13002', '--keystore=client.p12', '--verify-dns=server1', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # connect to server1, confirm that the tunnel is up pair = SocketPair(TcpClient(13001), TlsServer( 'server1', 'root', 13002)) pair.validate_can_send_from_client( "hello world", "1: client -> server") pair.validate_can_send_from_server( "hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect to server2, confirm that the tunnel isn't up
ghostunnel = None try: # create certs root1 = RootCert('root1') root1.create_signed_cert('server1') root1.create_signed_cert('client1') root1.create_signed_cert('new_client1') root2 = RootCert('new_root') root2.create_signed_cert('server2') # start ghostunnel ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=client1.p12', '--timed-reload=1s', '--cacert=root1.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # ensure ghostunnel connects with server1 pair1 = SocketPair(TcpClient(13001), TlsServer( 'server1', 'root1', 13002)) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...") # check certificate on status port TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1') print_ok("got client1 on /_status") # replace keystore and check ghostunnel connects with new_client1
ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server1') root.create_signed_cert('client') root.create_signed_cert('server2', san="IP:127.0.0.1,IP:::1,DNS:foobar") other_root = RootCert('other_root') other_root.create_signed_cert('other_server') # start ghostunnel ghostunnel = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target=localhost:13002', '--keystore=client.p12', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) # connect to server1, confirm that the tunnel is up pair = SocketPair(TcpClient(13001), TlsServer('server1', 'root', 13002)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect to other_server, confirm that the tunnel isn't up try:
if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client1') root.create_signed_cert('client2') other_root = RootCert('other_root') other_root.create_signed_cert('other_client1') # start ghostunnel ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--cacert=root.crt', '--disable-authentication' ]) # connect with no client cert, confirm that the tunnel is up pair = SocketPair(TlsClient(None, 'root', 13001), TcpServer(13002)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect with client1 cert, confirm that the tunnel is up pair2 = SocketPair(TlsClient('client1', 'root', 13001), TcpServer(13002))
from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixClient, TlsServer, print_ok, run_ghostunnel, terminate if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel client = UnixClient() ghostunnel = run_ghostunnel([ 'client', '--listen=unix:{0}'.format(client.get_socket_path()), '--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--cacert=root.crt' ]) # connect to server, confirm that the tunnel is up pair = SocketPair(client, TlsServer('server', 'root', 13002)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") print_ok("OK") finally: terminate(ghostunnel)
ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server1') root.create_signed_cert( 'server2', san="IP:127.0.0.1,IP:::1,DNS:foobar") other_root = RootCert('other_root') other_root.create_signed_cert('other_server') # start ghostunnel ghostunnel = run_ghostunnel(['client', '--listen={0}:13001'.format(LOCALHOST), '--target=localhost:13002', '--cacert=root.crt', '--disable-authentication', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # connect to server1, confirm that the tunnel is up pair = SocketPair(TcpClient(13001), TlsServer( 'server1', 'root', 13002, cert_reqs=ssl.CERT_NONE)) pair.validate_can_send_from_client( "hello world", "1: client -> server") pair.validate_can_send_from_server( "hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect to other_server, confirm that the tunnel isn't up
import signal import json import sys if __name__ == "__main__": ghostunnel = None try: root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--cert=server.crt', '--key=server.key', '--cacert=root.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--allow-ou=client' ]) # connect with client, confirm that the tunnel is up pair = SocketPair(TlsClient('client', 'root', 13001), TcpServer(13002)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") print_ok("OK") finally:
import urllib.error import urllib.parse import time import json if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--allow-ou=client', '--enable-pprof', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) def urlopen(path): return urllib.request.urlopen(path, cafile='root.crt') # Wait until ghostunnel is up TcpClient(STATUS_PORT).connect(20) # Load JSON metrics received_metrics1 = json.loads( str( urlopen("https://{0}:{1}/_metrics?format=json".format( LOCALHOST, STATUS_PORT)).read(), 'utf-8'))
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate, assert_not_zero if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad flags ghostunnel1 = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--disable-authentication', '--allow-cn=test.example.com', '--cacert=root.crt' ]) assert_not_zero(ghostunnel1) ghostunnel2 = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cert=server.crt', '--key=server.key', '--cacert=root.crt' ]) assert_not_zero(ghostunnel2) ghostunnel3 = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--cert=server.crt', '--cacert=root.crt'
import json if __name__ == '__main__': ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') root.create_signed_cert('client') # start ghostunnel # hack: point target to STATUS_PORT so that /_status doesn't 503. ghostunnel = run_ghostunnel([ 'server', '--quiet=conns', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cacert=root.crt', '--allow-ou=client', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ], stdout=subprocess.PIPE, stderr=subprocess.PIPE) def urlopen(path): return urllib.request.urlopen(path, cafile='root.crt') # block until ghostunnel is up TcpClient(STATUS_PORT).connect(20) # send some requests to status endpoints metrics = json.loads( str( urlopen('https://{0}:{1}/_metrics'.format( LOCALHOST, STATUS_PORT)).read(), 'utf-8'))
if __name__ == "__main__": ghostunnel = None n_clients = 10 allow_ou = [] try: # create certs root = RootCert('root') root.create_signed_cert('server') for n in range(1, n_clients): root.create_signed_cert("client{0}".format(n)) allow_ou.append("--allow-ou=client{0}".format(n)) # start ghostunnel ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format( LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--status={0}:{1}'.format( LOCALHOST, STATUS_PORT), '--cacert=root.crt' ] + allow_ou) # clients should be able to communicate all at the same time. procs = [] for n in range(1, n_clients): pair = SocketPair(TlsClient("client{0}".format(n), 'root', 13001), TcpServer(13002)) proc = Process(target=send_data, args=( n, pair, )) proc.start() procs.append(proc) for proc in procs:
#!/usr/bin/env python3 from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, terminate, assert_not_zero if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server') # start ghostunnel with bad flags ghostunnel1 = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--disable-authentication', '--allow-cn=test.example.com', '--cacert=root.crt' ]) assert_not_zero(ghostunnel1) ghostunnel2 = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--cert=server.crt', '--key=server.key', '--cacert=root.crt' ]) assert_not_zero(ghostunnel2) ghostunnel3 = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--cert=server.crt', '--cacert=root.crt'
if __name__ == "__main__": ghostunnel = None try: # create certs root = RootCert('root') root.create_signed_cert('server1') root.create_signed_cert('server2', san="IP:127.0.0.1,IP:::1,DNS:foobar") other_root = RootCert('other_root') other_root.create_signed_cert('other_server') # start ghostunnel ghostunnel = run_ghostunnel([ 'client', '--listen={0}:13001'.format(LOCALHOST), '--target=localhost:13002', '--cacert=root.crt', '--disable-authentication', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT) ]) # connect to server1, confirm that the tunnel is up pair = SocketPair( TcpClient(13001), TlsServer('server1', 'root', 13002, cert_reqs=ssl.CERT_NONE)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect to other_server, confirm that the tunnel isn't up
) sys.exit(0) try: # create certs root = RootCert('root') root.create_signed_cert('client') # start ghostunnel ghostunnel = run_ghostunnel([ 'client', '--listen=systemd:client', '--target={0}:{1}'.format( LOCALHOST, STATUS_PORT), '--keystore=client.p12', '--status=systemd:status', '--cacert=root.crt' ], prefix=[ 'systemd-socket-activate', '--listen={0}:13001'.format(LOCALHOST), '--listen={0}:{1}'.format( LOCALHOST, STATUS_PORT), '--fdname=client:status', '-E=GHOSTUNNEL_INTEGRATION_TEST', '-E=GHOSTUNNEL_INTEGRATION_ARGS', ]) # Connect on status port to trigger socket activation # so it will spin up the ghostunnel instance TcpClient(STATUS_PORT).connect(20) print_ok("OK") finally: terminate(ghostunnel)